[jira] [Resolved] (FELIX-3010) XSS in Felix Web Console
[ https://issues.apache.org/jira/browse/FELIX-3010?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Carsten Ziegeler resolved FELIX-3010. - Resolution: Fixed The pid and filter pid is now filtered against invalid characters Changed in revision 1147461 > XSS in Felix Web Console > > > Key: FELIX-3010 > URL: https://issues.apache.org/jira/browse/FELIX-3010 > Project: Felix > Issue Type: Bug > Components: Web Console >Affects Versions: webconsole-3.1.8 >Reporter: Lars Krapf >Assignee: Carsten Ziegeler > Labels: console, felix, xss > Fix For: webconsole-3.1.10 > > > http://localhost:4502/system/console/configMgr/%3Cscript%3Ealert(23);%3C/script%3E -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira
ipojo @ServiceProperty field cannot be configured by FileInstall?
I configured some ipojo components by FileInstall, as following: 1) install ConfigAdmin, FileInstall; 2) set the managedservice attribute, @Component(managedservice="com-pid"); 3) create com-pid.cfg file inside /load directory In this way, I successfully configured some components except one javax.servlet.Filter implementation. The only difference I found out is, the field of Filter component to be configured is @ServiceProperty, while the fields of other components all is @Property. Is it the real reason? Regards, drhades
